Magosanyi Arpad wrote:
> With plain UDP you are subject to DOS attack, lost messages, maliciously
> inserted log messages, etc.
> To eliminate these deficiencies you should build a reliable transmission
> protocol on top of UDP. That is TCP, but you have made a lot of unnecessary
> efforts to reinvent the wheel.
> What is your problem with a lot of tcp connections besides having a big
> output of netstat -na?
>
As nobody said this before, here it goes: I agree TCP connections for syslog are
a good idea, given that we don't end up with an HTTP-like protocol that opens a
TCP connection for every little 100-byte packet. The overhead is just too much.
I'd rather go for keeping one single TCP connection open for each host we are
logging to.
> For the exact same reason we should investigate the possibility of having
> SSL as the crypto layer of transmission.
I would rather have a separate specification of the crypto layer, and an
interface specification if you want (although I find this to be an
implementation issue) to free us from any specific choices here.
>
>
> --
> GNU GPL: only from a pure source
--
===================[ CORE Seguridad de la Informacion S.A. ]=======================
Emiliano Kargieman
[EMAIL PROTECTED]
Director of Research
www.core-sdi.com
Corelabs
Pte. Juan D. Peron 315 Piso 4 UF 17
Buenos Aires, (1038). Argentina. Tel/Fax: +(54.11)43.31.54.02
===================================================================================
"When I was younger, I could remember anything, whether it had happened or not;
but my faculties are decaying now and soon I shall be so I cannot remember any
but the things that never happened. It is sad to go to pieces like this but we
all have to do it." -- Mark Twain
"The greatest psychological achievement of the Buenos Aires world is the
absolute insubordination of the new generations" -- Florencio Escardo
--- For a personal reply use [EMAIL PROTECTED]